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Appl. No.: 10/027401 

Amdz. Dacedjune 13, 2005 

Response to Office Action of March 11. 2005 

Amendmencs to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims : 

1. (currently amended) A method facilitating deployment of volume-based network policies 
across a computer network, the method comprising the steps o£ 

monitorin g over a given time interval, the aggregate volume of data transfer 
corresponding to n etwork traffic gcnGratcd by each user of a plurality of users; 

detectin g, for a first user in the plurality of users, a network utilization milestone^ 
wherein the network uriliyari on Tnilestone occurs when the aggregate volume of data transfer 
associated vyith the first user crosses a threshold relative to at least one of the uocaro; and 

affecting a characteristic associated with the network access provided to th e first user 
user(s ) identified in the detecting step, 

2. (curxendy amended) Themethodofclaiml wherein the afEecting step comprises the step of: 

affecting a performance characteristic of the network access provided to the first user 
user(5) i dentified in the detecting step. 

3. (currently amended) The method of claim 1 wherein the affecting step comprises the step of: 

degrading the network access provided to the first user user(s) identified in the detecting 

step. 

4. (currently amended) The method of claim 1 wherein the affecting step comprises the step of: 

denying further network access to the first user usegfe^ identified in the detecting step, 

5. (currendy amended) The method of claim 1 wherein the affecting step comprises the step of: 

charging the first user uocr(o) identified in die detecting step for further network access. . 
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6. (currently amended) The method.of daim 1 further comprising the step of 

notifying a -the first user when the aggregate vohime of data transfer traffic associated 
with the first user approaches a nct^^ork - utilizatlon milcotono the threshold . 

7. (currently amended) The method ofclaiml wherein the detecting step comprises 

comparing the aggregate number of transferred bvtes v olumo of trnffiQ associated with a 
the first user over a given time interval against a threshold level defining a the network 
utilization milestone. 

8. (original) Themethodof claim 3 wherein network access is degraded only with respect to a 
predefined set of traffic types. 

9. (original) Themethodof claim 4 wherein network access is denied only with respect to a 
predefined set of traffic types. 

10. (original) The method of claim 1 wherein the monitoring step is performed only with respect 
to a predefined set of traffic types. 

IL (currently amended) Amethodfacihtatingdeployment of volume-based network policies 
across a computer network, the method comprising the steps of 

monitorin g, over a given time interval, the aggregate v olume of data transfer 
corresponding to network traffic generated by each user of a plurality of users within a given 
time interval; 

detecting, for a first user in the plurality of users during the nmo intcg vat> a network 
utilization mileston e, wherein the network urilization milestone occurs when the aggregate 
volume of data transfer associated v^th the first user crosses a threshold relative to at loanr nno 
of the uacTs : and, 

affecting, for the remainder of the time interval, a characteristic associated with the 
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network access provided to the first user user(G) identified in the detecting step. 

12. (currendy amended) The method of claim 11 wherein the affecting step comprises the step 
of: . 

affecting a performance characteristic of the network access provided to the first user 
UQer(s) identified in the detecting step. 

13. (currendy amended) The method of claim U wherein the affecting step comprises the step 
ofc 

degrading the network access provided to th e first user usgr(o) identified in the detecting 

step. 

14. (currently amended) The method of ckim U wherein the affecting step comprises the step 
of: 

denjing further network access to the first user user( ^ identified in the detecting step, 

15. (currendy amended) The method of claim 11 wherein the affecting step comprises the step 
of: 

charging the first user UGer(G) identified in the detecting step for further network access. 

16. (currently amended) The method of claim 11 further comprising the step of 

notifying a -the first user when the aggregate TOlume of data transfer traffic associated 
with the first user approaches a network utilization mi]oGtono the threshold . 

17. (currendy amended) The method of claim U wherein the detecting step comprises 

comparing the aggxegate number of transferred bvtes v olumQ of traffic associated with ft 
^ef^^t^ user over a given tim6 interval against a dircshold level defining a the network 
utilisation milestone. 
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18. (original) The method of claim 17 wherein the time interval is a fixed time interval. 

19. (original) Themethodof claim 17 wherein the time interval is a sliding time inter\'aL 

20. (original) The method of claim 13 wherein network access is degraded only v^oth respect to a 
predefined set of traffic types. 

21. (ori^nal) The method of claim H wherein nerwork access is Mcd only Mh rcspcct tO a 

predefined set of traffic types. 

22. (original) The method of claim 1 wherein the monitoring step is performed only with 
respect to a predefined set of traffic types. 

23. (currently amended) Amethodfacilitatingdeployment of volume-based network policies 
across a computer network, the method comprising the steps of 

registering a user at a network access device connected to a first computer network, the 
network access de\'ice including an IP address: 
associating the IP address with the user; 

providing the user access to a second computer network by changing the configuration of 
a network device in a commxmicadon path between the first computer network and the second 
computer network; 

monitoring, over a gi ven time interval, the aggregate v olume of data transfer network 
traffic associated with the IP address; 

detecting a network utilisation milestone based on the aggregate volume of data transfer 
associated with the IP address relative to a threshol d tho volume of netwnrif trnFfrr n.QnnPiat:rx s i 
v^ath th e IP nddrooo ; 

changing the configuration of the network device to affect a characteristic associated 
with access to the second network provided to the user. 
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24. (currently amended) An apparatus facilitating tie deployment of volume-based network 
policies across a first computer network, the first computer network comprising at least one 
traffic monitoring device operative to monitor the volume of network traffic generated by 
indi\'idual users, and at least one network control device operative to control access to a second 
computer network, comprising 

a user accoimt database maintaining the respective aggregate volumes of data transfer 
corresponding to each user of netw^ork traffic goncratGd by a plurality of users; 

a data logging module operative to collect the aggregate volume of data transfer for the 
plurality of users n cD > vork utilization data from thp trafSc mnnlrnrinnr rlpxrirn and store the 
network utilisation collected data in the user account database; 

a network usage monitor operative to: 

scan the user account database to detec t, for a first user in the plurality of users, a 
network utilization milestone reached by-e the first user based on the aggregate v olume of data 
transfer network traffic associated with the first user in relation to a threshold and a given time 
interval , and . . 

modify the configuration of the network control de\'ice to affect a characteristic of 
access to the second computer network for the first user. 

25. (original) The apparatus of claim 24 further comprisrag a user interface module operative to 
register new users and create corresponding user accounts in the user account database. 

26. (original) Theapparatusof claim 25 wherein the apparatus, in response to registration of a 
new user, is operative to modify the configuration of the network control device to allow access 
to the second computer network for the new user. 

27. (currently amended) A system facilitating the deployment of volume-based network 
policies across a first computer network, comprising 

a bandwidth management de\ice operably cormected to a communication path between 
the first computer network and a second computer network, 
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wherein the bandwidth management device is operative to: 

monitor, for a first hos t in a plurality of hosts connected to the first netwoA, the 
aggregate volume of network traffic generated by the first host over a given time interval 
indixadual hosts on the firat cotapurcr network , and 

enforce bandwidth utilization controls associated with individual hosts on data 
flow-s generated by the respective individual Hosts; 
a user management server operative to: 

detect, for the first user, a network utilization milestone based on the aggregate 
volume of data tra nsfer in relation to a utilization threshold and the given time int^al n etworlc 
traffic aoGOcia tod with an indL\idual hoot ; and, 

in response to a network utilization milestone, change the configuration of the 
bandwidth management device to associate bandwidth utilization controls corresponding to the 
milestone with the fi^ individual host. 

28. (original) The system of claim 27 wherein the bandwidth management device is operative to 
redirect data flows generated by unknown hosts on the first computer network to the user 
management server; and wherein user management server is operative to register unknown hosts 
and change the configuration of the bandwidth management device to associate the host with 
bandwidth utilization controls operative to permit access to the second network. 

29. (original) The system of claim 27 wherein the handwdddi utilization controls associated 
with the milestone are operative to deny access to the second computer network. 

30. (original) The system of claim 27 wherein the bandwidth utilization controls associated 
with the milestone are operative to degrade access to the second computer network 

3L (original) The system of claim 27 wherein the bandwidth management device is further 
operative identify network traffic types associated with data flows traversing the device; and 
wherein the user management server is operative to configure bandwidth utilization controls 
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applicable to traffic tj^es identified by the bandwidth management device. 

32. (original) The system of claim 27 wherein the bandwidth management device and the user 
manag^ent server reside on the same device. 
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